article

Software Model Checking: The VeriSoft Approach

Author:

Patrice GodefroidAuthors Info & Claims

Formal Methods in System Design, Volume 26, Issue 2

Pages 77 - 101

https://doi.org/10.1007/s10703-005-1489-x

Published: 01 March 2005 Publication History

Abstract

Verification by state-space exploration, also often referred to as model checking , is an effective method for analyzing the correctness of concurrent reactive systems (for instance, communication protocols). Unfortunately, traditional model checking is restricted to the verification of properties of models, i.e., abstractions , of concurrent systems.

We discuss in this paper how model checking can be extended to analyze arbitrary software , such as implementations of communication protocols written in programming languages like C or C++. We then introduce a search technique that is suitable for exploring the state spaces of such systems. This algorithm has been implemented in VeriSoft , a tool for systematically exploring the state spaces of systems composed of several concurrent processes executing arbitrary code.

During the past five years, VeriSoft has been applied successfully for analyzing several software products developed in Lucent Technologies, and has also been licensed to hundreds of users in industry and academia. We discuss applications, strengths and limitations of VeriSoft, and compare it to other approaches to software model checking, analysis and testing.

References

[1]

1. A. Aho, J. Hopcroft, and J. Ullman, The Design and Analysis of Computer Algorithms , Addison-Wesley, 1974.]]

Digital Library

[2]

2. T. Ball and S. Rajamani, "The SLAM Toolkit," in Proeedings of CAV'2001 (13th Conference on Computer Aided verification) , volume 2102 of Lecture Notes in Computer Science , Springer-Verlag: Paris, July 2001, pp. 260-264.]]

Digital Library

[3]

3. M. Benedikt, J. Freire, and P. Godefroid, "VeriWeb: Automatically Testing Dynamic Web Sites," in Proceedings of WWW'2002 (11th International World Wide Web Conference) , Honolulu, May 2002.]]

[4]

4. B. Boigelot and P. Godefroid, "Model checking in practice: An analysis of the ACCESS.bus protocol using SPIN," in Proceedings of Formal Methods Europe'96 , volume 1051 of Lecture Notes in Computer Science , Springer-Vetlag: Oxford, March 1996, pp. 465-478.]]

Digital Library

[5]

5. B. Boigelot and P. Godefroid, "Automatic synthesis of specifications from the dynamic observation of reactive programs," in Proceedings of the Third international Workshop on Tools and Algorithms for the Construction and Analysis of systems (TACAS'97) , volume 1217 of Lecture Notes in Computer Science , Springer-Verlag: Twente, April 1997, pp. 321-333.]]

Digital Library

[6]

6. R.E. Bryant, "Symbolic boolean manipulation with ordered binary-decision diagrams," ACM Computing Surveys , Vol. 24, No. 3, pp. 293-318, 1992.]]

Digital Library

[7]

7. J.R. Burch, E.M. Clarke, K.L. McMillan, D.L. Dill, and L.J. Hwang, "Symbolic model checking: 10 ²⁰ states and beyond," in Proceedings of the 5th Symposium on Logic in Computer Science , Philadelphia, June 1990, pp. 428-439.]]

[8]

8. J. Chang, D. Richardson, and S. Sankar, "Structural Specification-based Testing with ADL," in Proceedings of ISSTA'96 (International Symposium on Software Testing and Analysis) , San Diego, January 1996, pp. 62- 70 .]]

Digital Library

[9]

9. S. Chandra, P. Godefroid, and C. Palm, "Software Model Checking in Practice: An Industrial Case Study," in Proceedings of ICSE'2002 (24th International Conference on software Engineering) , ACM: Orlando, May 2002, pp. 431-441.]]

Digital Library

[10]

10. J. D. Choi, B.P. Miller, and R.H.B. Netzer, "Techniques for debugging parallel programs with flowback analysis," ACM Transactions on Programming Languages and Systems , October 1991, pp. 491-530.]]

Digital Library

[11]

11. E.M. Clarke, E.A. Emerson, and A.P. Sistla, "Automatic verification of finite-state concurrent systems using temporal logic specifications," ACM Transactions on Programming Languages and Systems , Vol. 8, No. 2, pp. 244-263, 1986.]]

Digital Library

[12]

12. E.M. Clarke, O. Grumberg, H. Hiraishi, S. Jha, D.E. Long, K.L. McMillan, and L.A. Ness, "Verification of the Futurebus+ cache coherence protocol," in Proceedings of the Eleventh International Symposium on Computer Hardware Description Languages and Their Apllications , North Holland, 1993.]]

Digital Library

[13]

13. E.M. Clarke, O. Grumberg, and D.E. Long, "Model checking and abstraction," in Proceedings of the 19th Annual ACM Symposium on Principles of Programming Languages , January 1992.]]

Digital Library

[14]

14. R. Cleaveland, J. Parrow, and B. Steffen, "The concurrency workbench: A semantics based tool for the verification of concurrent systems," ACM Transactions on Programming Languages and Systems , Vol. I No. 15, pp. 36-72, 1993.]]

Digital Library

[15]

15. C. Colby. "Analyzing the communication topology of concurrent programs," in Proceedings of the Symposium on Partial Evaluation and Semantics-Based Program Manipulation , ACM Press: New York, NY. USA, June 1995, pp. 202-213.]]

Digital Library

[16]

16. C. Colby, P. Godefroid. and L. J. Jagadeesan, "Automatically closing open reactive programs," in Proceedings of 1998 ACM SIGPLAN Conference on Programming Language Design and Implementation , ACM Press: Montreal, June 1998, pp. 345-357.]]

Digital Library

[17]

17. J.C. Corbett, "Constructing abstract models of concurrent real-time software," in Proceedings of ISSTA'96 (International Symposium on Software Testing and Analysis) , San Diego, January 1996, pp. 250-260.]]

Digital Library

[18]

18. J.C. Corbett, M.B. Dwyer, J. Hatcliff, S. Laubach, C.S. Pasareanu, Robby, and H. Zheng, "Bandera: Extracting Finite-State Models from Java Source Code," in Proceedings of the 22nd International Conference on Software Engineering , 2000.]]

Digital Library

[19]

19. R. Cridlig, "Semantic analysis of shared-memory concurrent languages using abstract model-checking," in Proceedings of the Symposium on Partial Evaluation and Semantics-Based Program Manipulation , ACM Press: New York, NY, USA, June 1995, pp. 214-225.]]

Digital Library

[20]

20. D.L. Dill, A.J. Drexler, A.J. Hu, and C.H. Yang, "Protocol verification as a hardware design aid," in 1992 IEEE International Conference on Computer Design: VLSI in Computers and Processors , IEEE Computer Society: Cambridge, MA, October 1992, pp. 522-525.]]

Digital Library

[21]

21. L.K. Dillon and Q. Yu, "Oracles for checking temporal properties of concurrent systems," Software Engineering Notes , Vol. 19, No. 5, pp. 140-153, 1994. in Proceedings of the 2nd ACM SIGSOFT Symposium on Foundations of Software Engineering.]]

Digital Library

[22]

22. D. Drusinsky, "The temporal rover and the ATG rover," in Proceedings of the 2000 SPIN Workshop , volume 1885 of Lecture Notes in Computer Science , Springer-Verlag, 2000, pp. 323-330.]]

Digital Library

[23]

23. A.R. Flora-Holmquist and M. Staskauskas, "Formal validation of virtual finite state machines," in Proc. Workshop on Industrial-Strength formal Specification Techniques (WIFT'95) , Boca Raton, April 1995, pp. 122- 129.]]

Digital Library

[24]

24. J.C. Fernandez, H. Garavel, L. Mounier, A. Rasse, C. Rodriguez, and J. Sifakis, "A toolbox for the verification of LOTOS programs," in Proc. of the 14th International Conference on Software Engineering ICSE'14 , ACM: Melbourne, Australia, May 1992.]]

Digital Library

[25]

25. J.-C. Fernandez, C. Jard, Th. Jeron, and C. Viho, "Using on-the-fly verification techniques for the generation of test suites," in Proc. 8th Conference on Computer Aided Verification , volume 1102 of Lecture Notes in Computer Science , New Brunswick, Springer-Verlag, August 1996.]]

Digital Library

[26]

26. P. Godefroid, "Using partial orders to improve automatic verification methods," in Proc. 2nd Workshop on Computer Aided Verification , volume 531 of Lecture Notes in Computer Science , Rutgers, June 1990, pp. 176- 185, Springer-Verlag. Extended version in ACM/AMS DIMACS Series, Volume 3, pp. 321-340, 1991.]]

Digital Library

[27]

27. P. Godefroid, Partial-Order Methods for the Verification of Concurrent systems-An Approach to the State-Explosion Problem , Volume 1032 of Lecture Notes in Computer Science . Springer-Verlag, January 1996.]]

Digital Library

[28]

28. P. Godefroid, "Model Checking for Programming Languages using Verisoft,"in Proceedings of the 24th ACM Symposium on Principles of Programming Languages , Paris, January 1997, pp. 174-186]]

Digital Library

[29]

29. P. Godefroid, "Exploiting symmetry when model-checking software." in Proceedings of FORTE/PSTV'99 (Formal Description Techniques and Protocol Specification, Testing and Verification) , Beijing, October 1999, pp. 257-275.]]

Digital Library

[30]

30. P. Godefroid, R.S. Hanmer, and L.J.Jagadeesan, "Model Checking Without a Model: An Analysis of the Heart-Beat Monitor of a Telephone Switch using VeriSoft," in Proceedings of ACM SIGSOFT ISSTA'98 (International Symposium on Software Testing and Analysis) , Clearwater Beach, March 1998, pp. 124- 133.]]

Digital Library

[31]

31. P. Godefroid, J. Herbsleb, L. Jagadeesan, and D. Li, "Ensuring Privacy in Presence Awareness Systems: An Automated Verification Approach," in Proceedings of CSCW'2000 (ACM Conference on Computer Supported Cooperative Work) , Philadelphia, Decembcr 2000.]]

Digital Library

[32]

32. P. Godefroid, G.J. Holzmann, and D. Pirottin, "State-Space Caching Revisited," Formal Methods in System Design , Vol. 7, No. 3, pp. 1-15, 1995.]]

Digital Library

[33]

33. P. Godefroid, L.Jagadeesan, R. Jagadeesan, and K. Laufer, "Automated Systematic Testing for Constraint-Based Interactive Services," in Proceedings of FSE'2000 (8th International Symposium on the Foundations of Software Engineering) , San Diego, November 2000, pp. 40-49]]

Digital Library

[34]

34. P. Godefroid and S. Khurshid,"Exploring Very Large State Spaces Using Genetic Algorithms," in Proeeedings of TACAS'2002 (8th Conference on Tools and Algorithms for the Construction and Analysis of systems) , Grenoble, April 2002.]]

Digital Library

[35]

35. P. Godefroid and D. Pirottin, "Refining dependencies improves partial-order verification methods," in Proc. 5th Conference on Computer Aided Verification , Volume 697 of Lecture Notes in Computer Science , Elounda, Springer-Verlag, June 1993, pp. 438-449.]]

Digital Library

[36]

36. E Godefroid and P. Wolper, "Using partial orders for the efficient verification of deadlock freedom and safety properties," Formal Methods in System Design , Vol. 2. No. 2, pp. 149-164, 1993.]]

Digital Library

[37]

37. Z. Har'El and R.P. Kurshan, "Software for analytical development of communication protocols," AT&T Technical Journal , 1990.]]

[38]

38. G.J. Holzmann, "Tracing protocols," AT&T Technical Journal , Vol. 64, No. 12, pp. 2413-2434, 1985.]]

[39]

39. G.J. Holzmann, Design and Validation of Computer Protocols , Prentice Hall, 1991.]]

Digital Library

[40]

40. G.J. Holzmann and J. Patti, "Validating SDL specifications: An experiment," in Proc. 9th IFIP WG 6.1 International Symposium on Protocol Specification, Testing, and Verification , North-Holland, 1989.]]

Digital Library

[41]

41. K. Havelund and G. Rosu, "Monitoring java programs with java pathExplorer," in Proceedings of RV'2001 (First Workshop on Runtime Verification) , Volume 55 of Electronic Notes in Theoretical Computer Science , Paris, July 2001.]]

[42]

42. G.J. Holzmann and M.H. Smith, "A Practical Method for Verifying Event-Driven Software," in Proceedings of the 21st International Conference on Software Engineering , 1999, pp. 597-607.]]

Digital Library

[43]

43. C. Jard and Th. Jeron, "Bounded-memory algorithms for verification on-the-fly," in Proc. 3rd Workshop on Computer Aided Verification , Volume 575 of Lecture Notes in Computer Science , Aalborg Springer-Verlag, July 1991.]]

Digital Library

[44]

44. L. Jagadeesan, A. Porter, C. Puchol, J.C. Ramming, and L. Votta, "Specification-based testing of reactive software: Tools and experiments," in Proceedings of the 19th IEEE International Conference on Software Engineering , 1997.]]

Digital Library

[45]

45. S. Katz and D. Peled, "Defining conditional independence using collapses," Theoretical Computer Science , Vol. 101, pp. 337-359, 1992.]]

Digital Library

[46]

46. L. Lamport, "Proving the correctness of multiprocess programs," IEEE Transactions on Software Engineering , Vol. SE-3, No. 2, pp. 125-143, 1977.]]

Digital Library

[47]

47. D.L. Long and L.A. Clarke, "Data flow analysis of concurrent systems that use the rendezvous model of synchronization," in Proceedings of ACM Symposium on Testing, Analysis, and verification (TAV4) , Vancouver, October 1991, pp. 21-35.]]

Digital Library

[48]

48. O. Lichtenstein and A. Pnueli, "Checking that finite state concurrent programs satisfy their linear specification," in Proceedings of the Twelfth ACM Symposium on Principles of Programming Languages , New Orleans. January 1985, pp. 97-107.]]

Digital Library

[49]

49. Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems: Specification , Springer-Verlag, 1992.]]

Digital Library

[50]

50. S.P. Masticola and B.G. Ryder, "Non-concurrency analysis," in Proceedings of Fourth ACM SIGPLAN Symposium on Principles & Practice of Parallel programming , San Diego, May 1993, pp. 129-138.]]

Digital Library

[51]

51. A. Mazurkiewicz, "Trace theory," in Petri Nets: Applications and Relationships to Other Models of Concurrency. Advances in Petri Nets 1986, Part II; Proceedings of an Advanced Course , Volume 255 of Lecture Notes in Computer Science , Springer-Verlag, 1986, pp. 279-324.]]

Digital Library

[52]

52. K.L. McMillan, Symbolic Model Checking , Kluwer Academic Publishers, 1993.]]

Digital Library

[53]

53. W.T. Overman, "Verification of Concurrent Systems: Function and Timing," PhD thesis, University of California Los Angeles, 1981.]]

Digital Library

[54]

54. D. Peled, "All from one, one for all: on model checking using representatives," in Proc. 5th Conference on Computer Aided Verification , Volume 697 of Lecture Notes in Computer Science , Springer-Verlag, Elounda, June 1993, pp. 409-423.]]

Digital Library

[55]

55. J.P Qnielle and J. Sifakis, "Specification and verification of concurrent systems in CESAR," in Proc. 5th Int'l Symp. on Programming , Volume 137 of Lecture Notes in Computer Science , Springer-Verlag, 1981, pp. 337-351.]]

[56]

56. D.J. Richardson, "TAOS: Testing with analysis and oracle support," in Proceedings of the 1994 International Symposium on Software Testing and Analysis , August 1994.]]

Digital Library

[57]

57. H. Rudin, "Protocol development success stories: Part I," in Proc. 12th IFIP WG 6.1 International Symposium on Protocol Specification, Testing, and Verification , Lake Buena Vista, Florida, North-Holland, June 1992.]]

Digital Library

[58]

58. S.D. Stoller, "Model Checking Multi-Threaded Distributed Java Programs," in Proceedings of SPIN'2000 (7th SPIN Workshop) , Volume 1885 of Lecture Notes in Computer Science , Springer-Verlag, 2000.]]

Digital Library

[59]

59. R.N. Taylor, "A general purpose algorithm for analyzing concurrent programs," Communications of the ACM , May 1983, pp. 362-376.]]

Digital Library

[60]

60. A. Valmari. "Stubborn sets for reduced state space generation," in Advances in Petri Nets 1990 , Volume 483 of Lecture Notes in Computer Science , Springer-Verlag, 1991 pp. 491-515.]]

Digital Library

[61]

61. M.Y. Vardiand P. Wolper, "'An automata-theoretic approach to automatic program verification," in Proceedings of the First Symposium on Logic in Computer Science , Cambridge, June 1986, pp. 322-331.]]

[62]

62. A. Venet,"Abstract interpretation of the π-calculus," in Mads Dam (F.d.), Analysis and Verification of Multiple-Agent Languages (Proceedings of the Fifth LOMAPS Workshop) , Volume 1192 of Lecture Notes in Computer Science . Springer-Verlag, 1997, pp. 51-75.]]

Digital Library

[63]

63. W. Visser. K. Havelund, G. Brat, and S. Park, "Model checking programs," in Proceedings of ASE'2000 (15th International Conference on Automated Software Engineering) , Grenoble, September 2000.]]

Digital Library

[64]

64. M. Yannakakis and D. Lee, "Testing Finite-State Mechines," in Proceedings of the 23rd Annual ACM Symposium on the Theory of Computing , 1991, pp. 476-485.]]

Digital Library

Cited By

Wolff DShi ZDuck GMathur URoychoudhury ATsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Greybox Fuzzing for Concurrency TestingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640389(482-498)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640389
Shi ZMathur UPavlogiannis ARoychoudhury APaiva AAbreu RStorey M(2024)Optimistic Prediction of Synchronization-Reversal Data RacesProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639099(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639099
Abdulla PAtig MDas SJonsson BSagonas K(2024)Parsimonious Optimal Dynamic Partial Order ReductionComputer Aided Verification10.1007/978-3-031-65630-9_2(19-43)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-65630-9_2
Show More Cited By

Recommendations

Efficient modular glass box software model checking
OOPSLA '10: Proceedings of the ACM international conference on Object oriented programming systems languages and applications

Glass box software model checking incorporates novel techniques to identify similarities in the state space of a model checker and safely prune large numbers of redundant states without explicitly checking them. It is significantly more efficient than ...
On-the-fly decomposition of specifications in software model checking
FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering

Major breakthroughs have increased the efficiency and effectiveness of software model checking considerably, such that this technology is now applicable to industrial-scale software. However, verifying the full formal specification of a software system ...
Efficient modular glass box software model checking
OOPSLA '10

Glass box software model checking incorporates novel techniques to identify similarities in the state space of a model checker and safely prune large numbers of redundant states without explicitly checking them. It is significantly more efficient than ...

Comments

Information & Contributors

Information

Published In

cover image Formal Methods in System Design

Formal Methods in System Design Volume 26, Issue 2

March 2005

141 pages

ISSN:0925-9856

Issue’s Table of Contents

Copyright © Copyright © 2005 Springer Science + Business Media, Inc.

Publisher

Kluwer Academic Publishers

United States

Publication History

Published: 01 March 2005

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

74
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wolff DShi ZDuck GMathur URoychoudhury ATsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Greybox Fuzzing for Concurrency TestingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640389(482-498)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640389
Shi ZMathur UPavlogiannis ARoychoudhury APaiva AAbreu RStorey M(2024)Optimistic Prediction of Synchronization-Reversal Data RacesProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639099(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639099
Abdulla PAtig MDas SJonsson BSagonas K(2024)Parsimonious Optimal Dynamic Partial Order ReductionComputer Aided Verification10.1007/978-3-031-65630-9_2(19-43)Online publication date: 24-Jul-2024
https://dl.acm.org/doi/10.1007/978-3-031-65630-9_2
Kokologiannakis MMajumdar RVafeiadis V(2024)Enhancing GenMC’s Usability and PerformanceTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-031-57249-4_4(66-84)Online publication date: 6-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57249-4_4
Kokologiannakis MMarmanis IGladstein VVafeiadis V(2022)Truly stateless, optimal dynamic partial order reductionProceedings of the ACM on Programming Languages10.1145/34987116:POPL(1-28)Online publication date: 12-Jan-2022
https://dl.acm.org/doi/10.1145/3498711
Trimananda RLuo WDemsky BXu G(2022)Stateful Dynamic Partial Order Reduction for Model Checking Event-Driven Applications that Do Not TerminateVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-94583-1_20(400-424)Online publication date: 16-Jan-2022
https://dl.acm.org/doi/10.1007/978-3-030-94583-1_20
Hoshino SArahori YGondow K(2021)Postmortem accurate IR-level state recovery for deployed concurrent programsACM SIGAPP Applied Computing Review10.1145/3493499.349350221:3(33-48)Online publication date: 20-Oct-2021
https://dl.acm.org/doi/10.1145/3493499.3493502
Bui TChatterjee KGautam TPavlogiannis AToman V(2021)The reads-from equivalence for the TSO and PSO memory modelsProceedings of the ACM on Programming Languages10.1145/34855415:OOPSLA(1-30)Online publication date: 15-Oct-2021
https://dl.acm.org/doi/10.1145/3485541
Kokologiannakis MKaysin IRaad AVafeiadis V(2021)PerSeVerE: persistency semantics for verification under ext4Proceedings of the ACM on Programming Languages10.1145/34343245:POPL(1-29)Online publication date: 4-Jan-2021
https://dl.acm.org/doi/10.1145/3434324
Agarwal UDeligiannis PHuang CJung KLal ANaseer IParkinson MThangamani AVedurada JXiao YGrundy J(2021)NekaraProceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE51524.2021.9678838(679-691)Online publication date: 15-Nov-2021
https://dl.acm.org/doi/10.1109/ASE51524.2021.9678838
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Issue’s Table of Contents